
Securing-Optimizing-RH-Linux-1_2_70
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

The last two parameters (10 and 60) are unused by the system, so we don’t need to change their defaults. You can usually put the above command in the “/etc/rc.d/rc.local” script file to avoid typing it again the next time your system reboots. Look at “/usr/src/linux/Documentation/sysctl/vm.txt” for more information on how to improve kernel parameters related to virtual memory.

4. The “ip_local_port_range” parameters

The ip_local_port_range file, “/proc/sys/net/ipv4/ip_local_port_range”, defines the local port range that TCP and UDP traffic uses to choose the local port. This file holds two numbers: the first is the first local port allowed for TCP and UDP traffic on the server, and the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 (first-last).

· To change the values of ip_local_port_range, type the following on your terminal:
[root@deep /]# echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

Add the above command to the “/etc/rc.d/rc.local” script file and you will not have to type it again the next time you reboot your system.

5. The “/etc/nsswitch.conf” file

The “/etc/nsswitch.conf” file is used to configure which services are to be used to determine information such as hostnames, password files, and group files. The last two, “password files” and “group files”, are not used in our case since we don’t use the NIS service on our server, so we will focus on the “hosts” line in this file.

Edit the nsswitch.conf file (vi /etc/nsswitch.conf) and change the “hosts” line to read:
hosts:      dns files

This means that programs that want to resolve an address use the DNS feature first, and then the “/etc/hosts” file if the DNS servers are not available or can’t resolve the address.
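One way to check an existing file against this section's settings, as an added example that is not from the book: the shell functions below list every database that still names an NIS source (nis or nisplus) and test whether the hosts line reads "dns files". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). Function names and the sample file
# are constructed for illustration.

# Print "database: sources" per entry; comments and [STATUS=action] dropped.
nss_entries() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
    awk -F: 'NF >= 2 { db = $1; gsub(/[ \t]/, "", db)
                       src = $2; gsub(/[ \t]+/, " ", src)
                       sub(/^ /, "", src); sub(/ $/, "", src)
                       print db ": " src }'
}

# Print each database that still lists an NIS source (nis or nisplus).
nis_databases() {
    nss_entries "$1" | awk '{ for (i = 2; i <= NF; i++)
        if ($i == "nis" || $i == "nisplus") { sub(/:$/, "", $1); print $1; break } }'
}

# Succeed only if the hosts line reads exactly "dns files".
hosts_order_ok() {
    [ "$(nss_entries "$1" | sed -n 's/^hosts: //p')" = "dns files" ]
}

# Report every deviation; return non-zero if any was found.
audit_nsswitch() {
    status=0
    hosts_order_ok "$1" || { echo "hosts: expected 'dns files'"; status=1; }
    for db in $(nis_databases "$1"); do
        echo "$db: NIS source still listed"; status=1
    done
    return $status
}

# Constructed sample: a file that still references NIS.
write_sample() {
    cat > "$1" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files nisplus nis
shadow:     files
group:      files nis
hosts:      files nisplus nis dns
services:   nisplus [NOTFOUND=return] files
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_nsswitch "$sample" || echo "audit failed: correct the lines listed above"
rm -f "$sample"
```

To audit the live file, call audit_nsswitch /etc/nsswitch.conf; it only reads the file and changes nothing.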
Also, we recommend deleting all instances of the NIS service from each line of this file unless you are using NIS! The result must look like this:

passwd:     files
shadow:     files
group:      files
hosts:      dns files
bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
automount:  files
aliases:    files

6. The “file-max” parameter